Manage TLS (SSL) certificates

Last update: May 12 2025

Manage TLS (SSL) certificates

TLS(SSL)-certificate is a unique digital signature of a website. TLS(SSL)-certificate is required for a secure connection between the client and the server (HTTPS protocol) when transmitting confidential information and conducting financial transactions.

Types of TLS(SSL) Certificates⁠

	Let's Encrypt®	Personal
Domains	All CDN resource domains	Personal domains of the resource, which are specified in the certificate
Management	You can't control	Disconnect Make active Delete
Update	Automatically	Manually

Let's Encrypt® Certificate⁠

The Let's Encrypt® certificate is issued automatically when a Selectel CDN resource is created and applies to all Selectel CDNs. default domains и personal domains connected to the resource.

Let's Encrypt® certificate has the following properties:

• certificate cannot be disabled or deleted, only replaced by a personalized certificate;
• A CDN resource can have only one valid Let's Encrypt® certificate;
• the certificate does not need to be manually renewed, it is automatically reissued when it expires.

Read more about Let's Encrypt® certificate restrictions in the article Rate Limits Let's Encrypt® documentation.

Personalized certificate⁠

If you have your own TLS(SSL)-certificate, you can add it to the CDN resource as a personalized certificate.

The certificate shall specify personal domains resources through which you want to distribute content over HTTPS.

Only one TLS(SSL) certificate can be active in a CDN resource. Domains that are not specified in the personal certificate will only receive content via HTTP.

If you remove the personal certificate, the resource is automatically issued for the resource Let's Encrypt® certificate.

Add a personalized certificate⁠

1. В control panels from the top menu, press Products and select CDN.

2. Open the CDN resource page → tab Certificates.

3. Click Add a certificate.

4. Open the tab Personal.

5. Insert the certificate for the domain. It must begin with -----BEGIN CERTIFICATE----- and end -----END CERTIFICATE-----.

   If you need to add multiple certificates, make sure that all certificates (primary certificate for the domain, intermediate certificates, and root certificate) create a complete chain. Value Issuer of the main certificate must match the value of the Subject of the first intermediate certificate, the value of Issuer of the first intermediate certificate with Subject the second intermediate and so on.

6. Insert the private key. It must begin with -----BEGIN PRIVATE KEY----- and end -----END PRIVATE KEY-----.

7. Click Add a personal SSL certificate.